tr?id=&ev=PageView&noscript=

Cyberattack Causes Chaos at Major Pennsylvania-Based Hospital Chain

By Associated Press

September 29, 2020
pennsylvania Voting Guide

United Health Services, which operates more than 11 facilities in Pennsylvania and hundreds more across the US, suffered a system-wide computer outage that has affected patient care.

WASHINGTON — A computer outage at a major hospital chain thrust healthcare facilities across the US into chaos Monday, with treatment impeded as doctors and nurses already burdened by the coronavirus pandemic were forced to rely on paper backup systems.

Universal Health Services Inc., which operates more than 250 hospitals and other clinical facilities in the US, blamed the outage on an unspecified IT “security issue” in a statement posted to its website Monday but provided no details about the incident, such as how many facilities were affected and whether patients had to be diverted to other hospitals.

UHS workers reached by The Associated Press at company facilities in Texas and Washington, D.C. described mad scrambles after the outage began overnight Sunday to render care, including longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

The Fortune 500 company, with 90,000 employees, said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared to have been “accessed, copied or misused.” The King of Prussia, Pennsylvania, company also has hospitals in the United Kingdom, but its operations in that country were not affected, a spokeswoman said Monday night.

John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a “suspected ransomware attack,” affirming reporting on the social media site Reddit by people identifying themselves as UHS employees. BleepingComputer, an online cybersecurity news site, spoke to UHS employees who described ransomware with the characteristics of Ryuk, which has been widely linked to Russian cybercriminals and used against large enterprises.

Criminals have been increasingly targeting health care institutions with ransomware during the pandemic, infecting networks with malicious code that scrambles data. To unlock it, they demand payment.

Increasingly, ransomware purveyors download data from networks before encrypting targeted servers, using it for extortion. Earlier this month, the first known fatality related to ransomware occurred in Duesseldorf, Germany, after an attack caused IT systems to fail and a critically ill patient needing urgent admission died after she had to be taken to another city for treatment.

UHS may not be a household name, but it has US hospitals from Washington, D.C., to Fremont, California, and Orlando, Florida, to Anchorage, Alaska.

Some of its facilities provide care for people coping with psychiatric conditions and substance abuse problems.

Its Pennsylvania facilities include Friends Hospital in Philadelphia, Brooke Glen Behavioral Hospital in Fort Washington, Clarion Psychiatric Center in Clarion, Fairmount Behavioral Health System in Roxborough, Foundations Behavioral Health in Doylestown, The Horsham Clinic in Horsham, Lancaster Behavioral Health Hospital in Lancaster, The Meadows Psychiatric Center in Centre Hall, and Roxbury Treatment Center in Shippensburg.

A clinician involved in direct patient care at a Washington UHC facility described a high-anxiety scramble to handle the loss of computers and some phones. That meant medical staff could not easily see lab results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions. Phone problems complicated the situation, making it harder to communicate with nurses. Lab orders had to be hand-delivered.

“These things could be life or death,” said the clinician.

A different UHS healthcare worker, at an acute care facility in Texas, described an even more chaotic scene. Both the Texas and Washington D.C. workers asked not to be identified by name because they were not authorized to speak publicly.

“As of right now we have no access to any patient files, history nothing,” the Texas worker said, with emergency room wait times going from 45 minutes to six hours. “Doctors aren’t able to access any type of X-rays, CT scans.”

Nothing that runs on Wi-Fi alone was functioning Monday, the Texas worker said. Telemetry monitors that show critical care patients’ heart rates, blood pressure and oxygen levels went dark and had to be restored with ethernet cabling.

The Washington clinician said there was a lot of concern about how to determine whether or not patients had been exposed to the coronavirus, the Washington clinician said, adding that no harm came to any of the 20 or so patients they attended to. However, anxiety reigned during the entire shift. Handing off a patient to another department, always a delicate task because of the potential for miscommunication, became especially nerve-wracking.

“We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,” said Riggi, the cybersecurity adviser to hospitals. “We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.”

Ransomware attacks have crippled everything from major cities to school districts, and federal officials are concerned they could be used to disrupt the current presidential election. Last week, a major supplier of software services to state, county and local governments, Tyler Technologies, was hit.

In the US alone, 764 healthcare providers were victimized last year by ransomware, according to data compiled by the cybersecurity firm Emsisoft. It estimates the overall cost of ransomware attacks in the US to $9 billion a year in terms of recovery and lost productivity. The only way to effectively recover, for those unwilling to pay ransoms, is through diligent daily system data backups.

Author

CATEGORIES: Uncategorized
Related Stories

VIDEO: Watch Scott Perry run from reporters in the capitol

Congressman Scott Perry (R-York) ran away from reporters in the Pennsylvania capitol on Monday after he spoke on a panel with the National Federation of Independent Business. Perry bolted from the event by leaving through a back door and refused to answer questions...

VIDEO: What to consider when adopting a shelter pet

VIDEO: What to consider when adopting a shelter pet

There’s no scientific way to prove that pets adopted from an animal shelter have more love to give than those purchased from a breeder or pet store. But ask anyone who’s ever provided a forever home to a furry family member they found at an animal shelter, and you’ll...

Share This